
HIPAA: What It Is and Why You Should Care

You've probably already experienced some effects of the new HIPAA regulations at your doctor's office. But these more stringent privacy policies don't affect just your doctor and her patients; they also reach the IT solution providers that store or transmit those patient records, and possibly other technology companies further down the line.

What Is HIPAA?

As our society becomes increasingly dependent on the flow of information in our daily lives, the ease with which such information is transmitted needs to be balanced with the concerns of privacy and security. This balance is most critical for information that relates directly to our personal livelihood and health, such as financial information and our medical records.

As one of the largest healthcare providers and information consumers in the world (with Medicare and Medicaid), the U.S. government needed to address two major issues:

  • Accountability. As the electronic flow and exchange of information has become more prevalent, so have fears about how such information might be used and/or abused in this information age.

  • Standards. Information can only be exchanged easily if standards for both the format and exchange of the data can be followed by all interested parties.

In 1996, the United States Congress passed the Health Insurance Portability and Accountability Act, commonly referred to as HIPAA (pronounced HIP-uh). Through HIPAA, Congress charged the Department of Health and Human Services (HHS) with addressing the information concerns facing the healthcare industry.

Some of the HIPAA rules are already in effect, others are just now coming online, and a final set is waiting in the wings. The rules published by HHS break down into five broad areas:

  • The Transactions Rule

  • The Privacy Rule

  • The Security Rule

  • Standard Unique Employer Identifier

  • Provider and Health Plan Identifiers

Let's take a closer look at what has been implemented and what's coming down the road.


Disclaimer: The content of this article is provided for informational purposes only. The author of this article is not a lawyer, and nothing here should be construed as legal advice. For all questions regarding legal matters, you should consult an attorney, not the World Wide Web.


Once HHS publishes a rule under HIPAA, the industry is typically given 24 months before compliance with the rule is mandatory. This is a far longer lead time than most federal rules receive, but it is warranted by the complexity of implementing the new information technology the rules require. The compliance dates currently stand as shown in the following table.


Rule                                        Mandatory Compliance Date
The Transactions and Code Set Standards     October 16, 2003
The Privacy Rule                            April 14, 2003
The Security Rule                           April 21, 2005
Standard Unique Employer Identifier         July 30, 2004
Standard Provider and Plan Identifiers      Not yet established

HIPAA is in the news again this summer because the compliance date for the Standard Unique Employer Identifier falls on July 30, 2004. As with the other rules, there are some exceptions to mandatory compliance, such as a later deadline for small health plans or the option of filing for an extension.


To give the legislation some teeth, HIPAA carries harsh penalties for non-compliance. Civil fines run up to $25,000 per calendar year for repeated violations of the same requirement, and knowingly violating HIPAA is a criminal offense that, in the most serious case (obtaining or disclosing health information with intent to sell it or to cause harm), can bring a fine of up to $250,000 and up to 10 years in prison.